Ffjpeg

ffjpeg

Vendor: Rockcarry • 19 CVEs

CVEs (19)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-24222 1Rockcarry 1Ffjpeg Jun 17, 2026 Aug 11, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Buffer Overflow vulnerability in jfif_decode() function in rockcarry ffjpeg through version 1.0.0, allows local attackers to execute arbitrary code due to an issue with ALIGN.
CVE-2022-28471 1Rockcarry 1Ffjpeg Jun 17, 2026 May 5, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In ffjpeg (commit hash: caade60), the function bmp_load() in bmp.c contains an integer overflow vulnerability, which eventually results in the heap overflow in jfif_encode() in jfif.c. This is due to the incomplete patch...Show more In ffjpeg (commit hash: caade60), the function bmp_load() in bmp.c contains an integer overflow vulnerability, which eventually results in the heap overflow in jfif_encode() in jfif.c. This is due to the incomplete patch for issue 38Show less
CVE-2021-34122 1Rockcarry 1Ffjpeg Jun 17, 2026 Mar 10, 2022 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The function bitstr_tell at bitstr.c in ffjpeg commit 4ab404e has a NULL pointer dereference.
CVE-2021-45385 1Rockcarry 1Ffjpeg Jun 17, 2026 Feb 11, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A Null Pointer Dereference vulnerability exits in ffjpeg d5cfd49 (2021-12-06) in bmp_load(). When the size information in metadata of the bmp is out of range, it returns without assign memory buffer to `pb->pdata` and di...Show more A Null Pointer Dereference vulnerability exits in ffjpeg d5cfd49 (2021-12-06) in bmp_load(). When the size information in metadata of the bmp is out of range, it returns without assign memory buffer to `pb->pdata` and did not exit the program. So the program crashes when it tries to access the pb->data, in jfif_encode() at jfif.c:763. This is due to the incomplete patch for CVE-2020-13438.Show less
CVE-2021-44957 1Rockcarry 1Ffjpeg Jun 17, 2026 Feb 8, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Global buffer overflow vulnerability exist in ffjpeg through 01.01.2021. It is similar to CVE-2020-23705. Issue is in the jfif_encode function at ffjpeg/src/jfif.c (line 708) could cause a Denial of Service by using a cr...Show more Global buffer overflow vulnerability exist in ffjpeg through 01.01.2021. It is similar to CVE-2020-23705. Issue is in the jfif_encode function at ffjpeg/src/jfif.c (line 708) could cause a Denial of Service by using a crafted jpeg file.Show less
CVE-2021-44956 1Rockcarry 1Ffjpeg Jun 17, 2026 Feb 8, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Two Heap based buffer overflow vulnerabilities exist in ffjpeg through 01.01.2021. It is similar to CVE-2020-23852. Issues that are in the jfif_decode function at ffjpeg/src/jfif.c (line 552) could cause a Denial of Serv...Show more Two Heap based buffer overflow vulnerabilities exist in ffjpeg through 01.01.2021. It is similar to CVE-2020-23852. Issues that are in the jfif_decode function at ffjpeg/src/jfif.c (line 552) could cause a Denial of Service by using a crafted jpeg file.Show less
CVE-2020-23705 1Rockcarry 1Ffjpeg Jun 17, 2026 Jul 15, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A global buffer overflow vulnerability in jfif_encode at jfif.c:701 of ffjpeg through 2020-06-22 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file.
CVE-2020-23852 1Rockcarry 1Ffjpeg Jun 17, 2026 May 18, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A heap based buffer overflow vulnerability exists in ffjpeg through 2020-07-02 in the jfif_decode(void ctxt, BMP pb) function at ffjpeg/src/jfif.c (line 544 & line 545), which could cause a denial of service by submitt...Show more A heap based buffer overflow vulnerability exists in ffjpeg through 2020-07-02 in the jfif_decode(void ctxt, BMP pb) function at ffjpeg/src/jfif.c (line 544 & line 545), which could cause a denial of service by submitting a malicious jpeg image.Show less
CVE-2020-23851 1Rockcarry 1Ffjpeg Jun 17, 2026 May 18, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A stack-based buffer overflow vulnerability exists in ffjpeg through 2020-07-02 in the jfif_decode(void ctxt, BMP pb) function at ffjpeg/src/jfif.c:513:28, which could cause a denial of service by submitting a maliciou...Show more A stack-based buffer overflow vulnerability exists in ffjpeg through 2020-07-02 in the jfif_decode(void ctxt, BMP pb) function at ffjpeg/src/jfif.c:513:28, which could cause a denial of service by submitting a malicious jpeg image.Show less
CVE-2020-15470 1Rockcarry 1Ffjpeg Jun 17, 2026 Jul 1, 2020 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_decode in jfif.c.
CVE-2020-13440 1Rockcarry 1Ffjpeg Jun 17, 2026 May 24, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c.
CVE-2020-13439 1Rockcarry 1Ffjpeg Jun 17, 2026 May 24, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_decode in jfif.c.
CVE-2020-13438 1Rockcarry 1Ffjpeg Jun 17, 2026 May 24, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c.
CVE-2019-19888 1Rockcarry 1Ffjpeg Jun 17, 2026 Dec 18, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 jfif_decode in jfif.c in ffjpeg through 2019-08-21 has a divide-by-zero error.
CVE-2019-19887 1Rockcarry 1Ffjpeg Jun 17, 2026 Dec 18, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 bitstr_tell at bitstr.c in ffjpeg through 2019-08-21 has a NULL pointer dereference related to jfif_encode.
CVE-2019-16352 1Rockcarry 1Ffjpeg Jun 17, 2026 Sep 16, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 ffjpeg before 2019-08-21 has a heap-based buffer overflow in jfif_load() at jfif.c.
CVE-2019-16351 1Rockcarry 1Ffjpeg Jun 17, 2026 Sep 16, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 ffjpeg before 2019-08-18 has a NULL pointer dereference in huffman_decode_step() at huffman.c.
CVE-2019-16350 1Rockcarry 1Ffjpeg Jun 17, 2026 Sep 16, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 ffjpeg before 2019-08-18 has a NULL pointer dereference in idct2d8x8() at dct.c.
CVE-2018-16781 1Rockcarry 1Ffjpeg Nov 21, 2024 Sep 10, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 ffjpeg.dll in ffjpeg before 2018-08-22 allows remote attackers to cause a denial of service (FPE signal) via a progressive JPEG file that lacks an AC Huffman table.